Information Security (5 cr)
Code: 3011366-3005
General information
Enrollment
01.06.2022 - 02.10.2022
Timing
29.08.2022 - 31.12.2022
Number of ECTS credits allocated
5 op
Mode of delivery
Contact teaching
Unit
Engineering and Business
Campus
Kupittaa Campus
Teaching languages
- English
Seats
60 - 80
Degree programmes
- Degree Programme in Business Information Technology
Teachers
- Matti Kuikka
- Mika Koivunen
Groups
-
PTIETS21swisPTIETS21 Software Development and Information Systems
-
ICTMODictprojSem
-
PTIETS21dncsPTIETS21 Data Networks and Cybersecurity
-
PTIETS21sepmPTIETS21 Software engineering and Project Management
Objective
After passing the course the student can
- name and explain the basic principles of Information Security
- classify information and information systems
- identify information security threats
- give examples of information security controls and their implementations
- identify and list information security requirements in different kind of organizations taking into account juridical and regulatory requirements
- assess whether there are shortages in security controls’ implementations and give justified recommendations for their improvements
- explain the basics of information security risk management
- create, assess and improve business continuity and disaster recovery plans
- apply information security penetration testing toolkits.
Content
- The importance of Information Security for different organizations (i.e. business, non-profit, societies)
- Basic principles of Information Security
- Players in the Information Security field (good guys, bad guys)
- Information Security Standards and Best Practices
- The basics of Information Security Risk Assessment and Risk Management
- The subareas of Information Security (i.a. traditional, standard based, best practices)
- Threats and attack methods facing different organizations, and protection against them
- Basic principles of encryption and firewalls
- Business Continuity and Disaster Recovery Planning
- Laboratory work
Materials
Will be provided in ItsLearning during the course.
Exam schedules
There is no exam on this course.
Student workload
Lectures 20h
Weekly homework 88h
Lab work 27h
Content scheduling
The importance of Information Security for different organizations (i.e. business, non-profit, societies)
Basic principles of Information Security
Players in the Information Security field (good guys, bad guys)
Information Security Standards and Best Practices
The basics of Information Security Risk Assessment and Risk Management
The subareas of Information Security (i.a. traditional, standard based, best practices)
Threats and attack methods facing different organizations, and protection against them
Basic principles of encryption and firewalls
Business Continuity and Disaster Recovery Planning
Laboratory work
Evaluation scale
H-5
Assessment methods and criteria
Grading is based on weekly assignments and returned laboratory work. Laboratory work is mandatory.
Assessment criteria, fail (0)
<50% assignment points.
Assessment criteria, satisfactory (1-2)
>=50% assignment points. Student understands the basic principles of information security as well as information classification and the most common security threats. Student is familiar with information security requirements and basic concepts of risk management. Student can perform basic security scanning against information systems.
Assessment criteria, good (3-4)
>=70% assignment points. Student understands and can apply the basic principles of information security as well as perform information classification and identify the most common security threats. Student is able to write basic information security requirements and utilize basic concepts of risk management. Student can perform basic security scanning against information systems.
Assessment criteria, excellent (5)
>=90% assignment points. Student understands and can apply the basic principles of information security as well as perform information classification and identify security threats independently. Student is able to write information security requirements and utilize basic concepts of risk management. Student understands the necessity of disaster recovery and business continuity planning. Student can independently perform basic security scanning against information systems.